diff --git a/ChangeLog.txt b/ChangeLog.txt
index b5a72307..e317f438 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -4,6 +4,7 @@
 Security:
 - Fix leak on malicious SUBSCRIBE by authenticated client.
   Closes eclipse #248.
+- Further fix for CVE-2023-28366.
 
 Broker:
 - Fix clients sending a RESERVED packet not being quickly disconnected.
diff --git a/lib/packet_mosq.c b/lib/packet_mosq.c
index 4d2f4fe6..d2335021 100644
--- a/lib/packet_mosq.c
+++ b/lib/packet_mosq.c
@@ -155,6 +155,7 @@ int packet__queue(struct mosquitto *mosq, struct mosquitto__packet *packet)
 
 #ifdef WITH_BROKER
 	if(db.config->max_queued_messages > 0 && mosq->out_packet_count >= db.config->max_queued_messages){
+		packet__cleanup(packet);
 		mosquitto__free(packet);
 		if(mosq->is_dropping == false){
 			mosq->is_dropping = true;