diff --git a/tap/extensions/kafka/request.go b/tap/extensions/kafka/request.go
index 4847bf777..cb4ac4748 100644
--- a/tap/extensions/kafka/request.go
+++ b/tap/extensions/kafka/request.go
@@ -25,6 +25,10 @@ func ReadRequest(r io.Reader, tcpID *api.TcpID) (apiKey ApiKey, apiVersion int16
 		return 0, 0, fmt.Errorf("A Kafka message cannot be bigger than 1MB")
 	}
 
+	if size < 8 {
+		return 0, 0, fmt.Errorf("A Kafka request header cannot be smaller than 8 bytes")
+	}
+
 	if err = d.err; err != nil {
 		err = dontExpectEOF(err)
 		return 0, 0, err
diff --git a/tap/extensions/kafka/response.go b/tap/extensions/kafka/response.go
index bf7133e12..ac4debf8a 100644
--- a/tap/extensions/kafka/response.go
+++ b/tap/extensions/kafka/response.go
@@ -23,6 +23,10 @@ func ReadResponse(r io.Reader, tcpID *api.TcpID, emitter api.Emitter) (err error
 		return fmt.Errorf("A Kafka message cannot be bigger than 1MB")
 	}
 
+	if size < 4 {
+		return fmt.Errorf("A Kafka response header cannot be smaller than 8 bytes")
+	}
+
 	if err = d.err; err != nil {
 		err = dontExpectEOF(err)
 		return err