diff --git a/NEWS b/NEWS
index 0d6d9ffb..ca1e206e 100644
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,7 @@ NEWS - 1.4.35 * [network/ssl] fix build error if TLSEXT is disabled - + * [mod_fastcgi] fix use after free (only triggered if fastcgi debug is active) - 1.4.34 * [mod_auth] explicitly link ssl for SHA1 (fixes #2517)
diff --git a/src/mod_fastcgi.c b/src/mod_fastcgi.c
index 056624be..64cc2442 100644
--- a/src/mod_fastcgi.c
+++ b/src/mod_fastcgi.c
@@ -2420,11 +2420,12 @@ static int fastcgi_get_packet(server *srv, handler_ctx *hctx, fastcgi_response_p
if ((packet->b->used == 0) || (packet->b->used - 1 < sizeof(FCGI_Header))) {
/* no header */
- buffer_free(packet->b);
-
if (hctx->plugin_data->conf.debug) {
log_error_write(srv, __FILE__, __LINE__, "sdsds", "FastCGI: header too small:", packet->b->used, "bytes <", sizeof(FCGI_Header), "bytes, waiting for more data");
}
+
+ buffer_free(packet->b);
+
return -1;
}
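Review bot: After the relocated `buffer_free(packet->b);` the function returns -1 with `packet->b` still holding the freed address, so the fix relies on every caller treating the packet as dead on that return. Adding `packet->b = NULL;` directly after the free would make any later dereference or second free fail deterministically instead of repeating the use-after-free this commit fixes. The caller is outside this hunk, so whether it touches `packet->b` on the -1 path cannot be confirmed from here. Separately, the debug call passes `packet->b->used` and `sizeof(FCGI_Header)` for the two `d` slots of `"sdsds"`; `sizeof` yields a `size_t`, so if `log_error_write` reads `d` as `int` (its definition is not shown) the arguments should be cast, e.g. `(int) sizeof(FCGI_Header)`. The body of fastcgi_get_packet begins and ends outside the hunk.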