diff --git a/src/scan.c b/src/scan.c
index add4eb50410656e26e074756854fe313da95bfc9..9d43e74391410f177b7bbdffb77ed2e524c23c3b 100644
--- a/src/scan.c
+++ b/src/scan.c
@@ -322,7 +322,7 @@ int add_scanres_element(struct controller *c,
 		uint8_t len = 0, ssidlen;
 		uint8_t info = 0x00;
 		uint8_t bw_len;
-		char *endptr = NULL;
+		char buf[6] = {0};
 
 		nbr = calloc(1, sizeof(*nbr));
 		if (!nbr)
@@ -341,11 +341,19 @@ int add_scanres_element(struct controller *c,
 		nbr->rssi = rcpi_to_rssi(tv_data[offset]);
 		offset++;
 		bw_len = tv_data[offset++];
-		errno = 0;
-		nbr->bw = strtol((char *)&tv_data[offset], &endptr, 10);
-		if (errno || *endptr != '\0') {
-			warn("%s: Error parsing bw value: %s\n",
-			     __func__, (char *)&tv_data[offset]);
+		if (bw_len > sizeof(buf)) {
+			warn("%s: bw_len %d is too long\n", __func__, bw_len);
+			goto error;
+		} else {
+			char *endptr = NULL;
+
+			errno = 0;
+			memcpy(buf, &tv_data[offset], bw_len);
+			nbr->bw = strtol(buf, &endptr, 10);
+			if (errno || *endptr != '\0') {
+				warn("%s: Error parsing bw value: %s\n",
+				     __func__, (char *)&tv_data[offset]);
+			}
 		}
 		offset += bw_len;
 		info = tv_data[offset];