diff --git a/libi2pd/I2NPProtocol.cpp b/libi2pd/I2NPProtocol.cpp
index 1a5b1cde..f100c6e5 100644
--- a/libi2pd/I2NPProtocol.cpp
+++ b/libi2pd/I2NPProtocol.cpp
@@ -424,6 +424,11 @@ namespace i2p
 {
 int num = buf[0];
 LogPrint (eLogDebug, "I2NP: VariableTunnelBuild ", num, " records");
+ if (num > i2p::tunnel::MAX_NUM_RECORDS)
+ {
+ LogPrint (eLogError, "I2NP: Too many records in VaribleTunnelBuild message ", num);
+ return;
+ }
 if (len < num*TUNNEL_BUILD_RECORD_SIZE + 1)
 {
 LogPrint (eLogError, "I2NP: VaribleTunnelBuild message of ", num, " records is too short ", len);
@@ -477,6 +482,11 @@ namespace i2p
 {
 int num = buf[0];
 LogPrint (eLogDebug, "I2NP: TunnelBuildReplyMsg of ", num, " records replyMsgID=", replyMsgID);
+ if (num > i2p::tunnel::MAX_NUM_RECORDS)
+ {
+ LogPrint (eLogError, "I2NP: Too many records in TunnelBuildReply message ", num);
+ return;
+ }
 size_t recordSize = isShort ? SHORT_TUNNEL_BUILD_RECORD_SIZE : TUNNEL_BUILD_RECORD_SIZE;
 if (len < num*recordSize + 1)
 {
@@ -508,6 +518,11 @@ namespace i2p
 {
 int num = buf[0];
 LogPrint (eLogDebug, "I2NP: ShortTunnelBuild ", num, " records");
+ if (num > i2p::tunnel::MAX_NUM_RECORDS)
+ {
+ LogPrint (eLogError, "I2NP: Too many records in ShortTunnelBuild message ", num);
+ return;
+ }
 if (len < num*SHORT_TUNNEL_BUILD_RECORD_SIZE + 1)
 {
 LogPrint (eLogError, "I2NP: ShortTunnelBuild message of ", num, " records is too short ", len);
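Review bot: `int num = buf[0];` at the top of the VariableTunnelBuild hunk (@@ -424) still reads the count byte before anything visible has established that `len` is at least 1; both the new record-count bound and the existing length test run after that read. Unless the caller already guarantees a non-empty payload (the start of the function is outside the hunk), an empty message would be read past its payload, so a guard such as `if (len < 1) return;` placed ahead of the read would close that. The same ordering appears in the TunnelBuildReply (@@ -477) and ShortTunnelBuild (@@ -508) hunks. The new log string also carries over the existing `VaribleTunnelBuild` misspelling; `VariableTunnelBuild` would keep it greppable alongside the debug line above it.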
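Review bot: The new error line in the TunnelBuildReply hunk (@@ -477) omits `replyMsgID`, which only the debug-level line just above it prints, so at normal log levels a rejected oversized reply cannot be correlated with its reply ID. Consider `LogPrint (eLogError, "I2NP: Too many records in TunnelBuildReply message ", num, " replyMsgID=", replyMsgID);`. Because this handler serves both record sizes (`isShort` is used on the next context line), including `isShort` in the message would also tell an operator which reply format the peer sent. The function body starts and ends outside the hunk.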