diff --git a/CHANGELOG.md b/CHANGELOG.md
index d03faf68e..62118e64b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,7 @@
 - relay: limit size of decompressed websocket frame with permessage-deflate to prevent memory exhaustion ([GHSA-v2v4-45wm-5cr3](https://github.com/weechat/weechat/security/advisories/GHSA-v2v4-45wm-5cr3))
 - relay/weechat: fix empty buffers in client when WeeChat is running on Solaris/illumos
 - relay: limit size of partial message received while reading an HTTP request to prevent memory exhaustion
+- relay: fix out-of-bounds read in dump of data ([#2324](https://github.com/weechat/weechat/issues/2324))
 - xfer: replace directory separator in remote nick by underscore in download filename to prevent writing the file outside the download directory ([#2321](https://github.com/weechat/weechat/issues/2321))
 - xfer: fix out-of-bounds read when receiving empty line in DCC chat ([#2323](https://github.com/weechat/weechat/issues/2323))
 - build: fix build on Solaris/illumos (issue #2251)
diff --git a/src/plugins/relay/relay-http.c b/src/plugins/relay/relay-http.c
index 1e846df85..079cef535 100644
--- a/src/plugins/relay/relay-http.c
+++ b/src/plugins/relay/relay-http.c
@@ -1660,7 +1660,7 @@ relay_http_print_log_request (struct t_relay_http_request *request)
     weechat_log_printf ("    path_items. . . . . . . : %p", request->path_items);
     if (request->path_items)
     {
-        for (i = 0; request->path_items[0]; i++)
+        for (i = 0; request->path_items[i]; i++)
         {
             weechat_log_printf ("      '%s'", request->path_items[i]);
         }