diff --git a/test/common/buffer/buffer_corpus/clusterfuzz-testcase-minimized-4923810761539584 b/test/common/buffer/buffer_corpus/clusterfuzz-testcase-minimized-4923810761539584
new file mode 100644
index 000000000000..3b8e4f8f2497
--- /dev/null
+++ b/test/common/buffer/buffer_corpus/clusterfuzz-testcase-minimized-4923810761539584
@@ -0,0 +1,14 @@
+actions {
+ target_index: 16
+ reserve_commit {
+ reserve_length: 65536
+ commit_length: 65536
+ }
+}
+actions {
+ target_index: 6512896
+ reserve_commit {
+ reserve_length: 3
+ commit_length: 6512896
+ }
+}
\ No newline at end of file
diff --git a/test/common/buffer/buffer_corpus/clusterfuzz-testcase-minimized-6365038174666752 b/test/common/buffer/buffer_corpus/clusterfuzz-testcase-minimized-6365038174666752
new file mode 100644
index 000000000000..5596af58c461
--- /dev/null
+++ b/test/common/buffer/buffer_corpus/clusterfuzz-testcase-minimized-6365038174666752
@@ -0,0 +1 @@
+actions { reserve_commit { reserve_length: 31072 commit_length: 65536 } } actions { add_buffer_fragment: 1 }
\ No newline at end of file
diff --git a/test/common/buffer/buffer_corpus/clusterfuzz-testcase-minimized-6672326676578304 b/test/common/buffer/buffer_corpus/clusterfuzz-testcase-minimized-6672326676578304
new file mode 100644
index 000000000000..f267de6d3bcc
--- /dev/null
+++ b/test/common/buffer/buffer_corpus/clusterfuzz-testcase-minimized-6672326676578304
@@ -0,0 +1,7 @@
+actions {
+ target_index: 16809984
+ reserve_commit {
+ reserve_length: 8388608
+ commit_length: 16809984
+ }
+}
\ No newline at end of file
diff --git a/test/common/buffer/buffer_fuzz.cc b/test/common/buffer/buffer_fuzz.cc
index 59a3be5eb4dc..ffe24dcbed0d 100644
--- a/test/common/buffer/buffer_fuzz.cc
+++ b/test/common/buffer/buffer_fuzz.cc
@@ -457,23 +457,26 @@ void executeActions(const test::common::buffer::BufferFuzzTestCase& input, Buffe
 // return the pointer to its std::string array, we can avoid the
 // toString() copy here.
 const uint64_t linear_buffer_length = linear_buffers[j]->length();
- if (buffers[j]->toString() !=
- absl::string_view(
+ // We may have spilled over TotalMaxAllocation at this point. Only compare up to
+ // TotalMaxAllocation.
+ if (absl::string_view(
 static_cast(linear_buffers[j]->linearize(linear_buffer_length)),
- linear_buffer_length)) {
+ linear_buffer_length)
+ .compare(buffers[j]->toString().substr(0, TotalMaxAllocation)) != 0) {
 ENVOY_LOG_MISC(debug, "Mismatched buffers at index {}", j);
 ENVOY_LOG_MISC(debug, "B: {}", buffers[j]->toString());
 ENVOY_LOG_MISC(debug, "L: {}", linear_buffers[j]->toString());
 FUZZ_ASSERT(false);
 }
- FUZZ_ASSERT(buffers[j]->length() == linear_buffer_length);
+ FUZZ_ASSERT(std::min(TotalMaxAllocation, static_cast(buffers[j]->length())) ==
+ linear_buffer_length);
 current_allocated_bytes += linear_buffer_length;
 }
 ENVOY_LOG_MISC(debug, "[{} MB allocated total]", current_allocated_bytes / (1024.0 * 1024));
 // We bail out if buffers get too big, otherwise we will OOM the sanitizer.
 // We can't use Memory::Stats::totalCurrentlyAllocated() here as we don't
 // have tcmalloc in ASAN builds, so just do a simple count.
- if (current_allocated_bytes > TotalMaxAllocation) {
+ if (current_allocated_bytes >= TotalMaxAllocation) {
 ENVOY_LOG_MISC(debug, "Terminating early with total buffer length {} to avoid OOM",
 current_allocated_bytes);
 break;
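Review bot: The new comparison materializes `buffers[j]->toString()` as a temporary std::string of the full (possibly over-TotalMaxAllocation) buffer and then copies its prefix a second time with `.substr(0, TotalMaxAllocation)`, so each check transiently allocates the whole buffer plus up to TotalMaxAllocation more, and the mismatch branch calls `toString()` again for the `B: {}` log line — that is the same class of allocation the OOM guard a few lines below is meant to bound, and the comment just above already flags the toString() copy as a cost. Binding the string once and slicing it through a non-owning view removes the second copy: `const std::string actual = buffers[j]->toString();` before the `if`, then `.compare(absl::string_view(actual).substr(0, TotalMaxAllocation)) != 0) {` and `actual` in the log line. The new comment would also be clearer if it stated why a prefix compare is sound, e.g. `// The length assert below bounds linear_buffers[j] at TotalMaxAllocation, so only that prefix of buffers[j] has a linearized counterpart.` — assuming that is the reason, which the hunk itself does not show. executeActions begins and ends outside this hunk.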