diff --git a/CHANGELOG b/CHANGELOG
index 5695d710c..e84fb0523 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,11 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o Fixed a stack overflow that would happen when a nameserver entry in
+ /etc/resolv.conf contained more than 16 bytes, as could legitimately
+ happen with an IPv6 address. Gunnar Lindberg reported the problem
+ and contributed an initial patch, then Brandon and Kris refined and
+ implemented it.
+
 o [Zenmap] Added a workaround for a Ubuntu Python packaging idiosyncrasy. As of version python2.6-2.6.4-0ubuntu3, Ubuntu's distutils modifies self.prefix, a variable we use in the setup.py script. This would
diff --git a/nmap_dns.cc b/nmap_dns.cc
index d82f28da6..e74fd85a2 100644
--- a/nmap_dns.cc
+++ b/nmap_dns.cc
@@ -937,7 +937,8 @@ void win32_read_registry(char *controlset) {
 static void parse_resolvdotconf() {
 FILE *fp;
 char buf[2048], *tp;
- char ipaddr[16];
+ char fmt[32];
+ char ipaddr[INET6_ADDRSTRLEN];
 fp = fopen("/etc/resolv.conf", "r");
 if (fp == NULL) {
@@ -945,6 +946,9 @@ static void parse_resolvdotconf() {
 return;
 }
+ /* Customize a sscanf format to sizeof(ipaddr). */
+ Snprintf(fmt, sizeof(fmt), "nameserver %%%us", sizeof(ipaddr));
+
 while (fgets(buf, sizeof(buf), fp)) {
 tp = buf;
@@ -956,7 +960,7 @@ static void parse_resolvdotconf() {
 // Skip any leading whitespace
 while (*tp == ' ' || *tp == '\t') tp++;
- if (sscanf(tp, "nameserver %65s", ipaddr) == 1) add_dns_server(ipaddr);
+ if (sscanf(tp, fmt, ipaddr) == 1) add_dns_server(ipaddr);
 }
 fclose(fp);
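Review bot: The format built in the second nmap_dns.cc hunk, `"nameserver %%%us"` with `sizeof(ipaddr)`, produces a scanf width equal to the buffer size, but a `%Ns` conversion stores up to N characters plus a terminating NUL, so a token of exactly sizeof(ipaddr) characters still writes one byte past `ipaddr` on the stack; the width has to be `sizeof(ipaddr) - 1`. Passing a `size_t` to `%u` is additionally a format/argument mismatch (undefined behaviour, and on platforms where size_t is wider than unsigned the emitted width may be wrong), so the line should read `Snprintf(fmt, sizeof(fmt), "nameserver %%%us", (unsigned)(sizeof(ipaddr) - 1));`. A token longer than the width is silently truncated rather than rejected, so the third hunk then hands a cut-off string to add_dns_server; it may be worth confirming that the consumed token ended at whitespace or end of line before accepting it. parse_resolvdotconf's body runs between and beyond these hunks, and whether the header defining INET6_ADDRSTRLEN is included is not visible from the diff.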