diff --git a/src/main/java/org/apache/commons/lang3/SerializationUtils.java b/src/main/java/org/apache/commons/lang3/SerializationUtils.java
index b608b7dca..7ab6a1124 100644
--- a/src/main/java/org/apache/commons/lang3/SerializationUtils.java
+++ b/src/main/java/org/apache/commons/lang3/SerializationUtils.java
@@ -207,7 +207,7 @@ public class SerializationUtils {
 @SuppressWarnings("unchecked")
 final T obj = (T) in.readObject();
 return obj;
- } catch (final ClassNotFoundException | IOException ex) {
+ } catch (final ClassNotFoundException | IOException | NegativeArraySizeException ex) {
 throw new SerializationException(ex);
 }
 }
diff --git a/src/test/java/org/apache/commons/lang3/SerializationUtilsTest.java b/src/test/java/org/apache/commons/lang3/SerializationUtilsTest.java
index 9e3ed25de..9c9efaad0 100644
--- a/src/test/java/org/apache/commons/lang3/SerializationUtilsTest.java
+++ b/src/test/java/org/apache/commons/lang3/SerializationUtilsTest.java
@@ -360,4 +360,13 @@ public class SerializationUtilsTest extends AbstractLangTest {
 assertThrows(SerializationException.class, () -> SerializationUtils.serialize(iMap, streamTest));
 }
+ @Test
+ public void testNegativeByteArray() throws IOException {
+ final byte[] byteArray = {
+ (byte) -84, (byte) -19, (byte) 0, (byte) 5, (byte) 125, (byte) -19, (byte) 0,
+ (byte) 5, (byte) 115, (byte) 114, (byte) -1, (byte) 97, (byte) 122, (byte) -48, (byte) -65
+ };
+
+ assertThrows(SerializationException.class, () -> SerializationUtils.deserialize(new ByteArrayInputStream(byteArray)));
+ }
 }
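Review bot: The widened `catch` in `SerializationUtils.java` handles only `NegativeArraySizeException`, so any other unchecked exception that `in.readObject()` raises on a corrupt or hostile stream would still reach the caller unwrapped; callers that treat `SerializationException` as the single failure signal for bad input should not rely on it. Wrapping the exception also does not make the method safe for untrusted bytes, because the stream is still deserialized before anything can be checked. I would add a why-comment above the catch, `// a corrupt stream can declare a negative array length; report it like any other malformed input`, and have the method's Javadoc `@throws SerializationException` entry mention malformed streams and state that the input must come from a trusted source or be restricted to an allow-list of expected classes. The enclosing method starts above the hunk, so its Javadoc and the stream setup are not visible here.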
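Review bot: `testNegativeByteArray` asserts only that some `SerializationException` is thrown, so it would still pass if the crafted bytes began failing earlier with an `IOException` and the `NegativeArraySizeException` path stopped being exercised. Capturing the result, `final SerializationException ex = assertThrows(...)`, and then checking `assertTrue(ex.getCause() instanceof NegativeArraySizeException);` pins the regression to the case the production change handles; the assertion import may need adding, as the import block is outside the hunk. A short comment on the array would also help, for example `// serialization stream header followed by a descriptor whose length field decodes to a negative int`, since the literal bytes are otherwise unexplained. That reading of the bytes is my inference and should be confirmed against the original report.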