diff --git a/CHANGELOG.md b/CHANGELOG.md
index f960aa4aec..e519de1f0c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa
 ## Master
+- Prevent infinite loop when parsing corrupted lockfile with unterminated string
+
+ [#4965](https://github.com/yarnpkg/yarn/pull/4965) - [**Ryan Hendrickson**](https://github.com/rhendric)
+
 - Environment variables now have to **start** with `YARN_` (instead of just contain it) to be considered
 [#6518](https://github.com/yarnpkg/yarn/pull/6518) - [**Michael Gmelin**](https://blog.grem.de)
diff --git a/src/lockfile/parse.js b/src/lockfile/parse.js
index 65ea9297bb..2348746063 100644
--- a/src/lockfile/parse.js
+++ b/src/lockfile/parse.js
@@ -94,7 +94,7 @@ function* tokenise(input: string): Iterator {
 }
 } else if (input[0] === '"') {
 let i = 1;
- for (; ; i++) {
+ for (; i < input.length; i++) {
 if (input[i] === '"') {
 const isEscaped = input[i - 1] === '\\' && input[i - 2] !== '\\';
 if (!isEscaped) {
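Review bot: The escape test two lines below the new loop bound, `input[i - 1] === '\\' && input[i - 2] !== '\\'`, looks back only two characters, so a quote preceded by three backslashes (an escaped backslash followed by an escaped quote) is taken as the closing quote and the string is cut short. Counting the run of backslashes before the quote and testing its parity would handle any run length, e.g. `let k = i - 1; while (input[k] === '\\') k--; const isEscaped = (i - 1 - k) % 2 === 1;`. Separately, with the bound in place an unterminated string now leaves the loop with `i === input.length`. The body of `if (!isEscaped)` and the code after the loop are outside the hunk, so it is worth confirming that this case is reported as a parse error rather than accepted as a truncated value. A regression test with a lockfile that ends inside a quoted string would pin both the termination and the error path.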