diff --git a/libi2pd/NTCP2.cpp b/libi2pd/NTCP2.cpp
index a33d4fef..728ac01d 100644
--- a/libi2pd/NTCP2.cpp
+++ b/libi2pd/NTCP2.cpp
@@ -695,7 +695,7 @@ namespace transport
 						return;
 					}
 					auto size = bufbe16toh (buf.data () + 1);
-					if (size > buf.size () - 3)
+					if (size > buf.size () - 3 || size > i2p::data::MAX_RI_BUFFER_SIZE + 1)
 					{
 						LogPrint (eLogError, "NTCP2: Unexpected RouterInfo size ", size, " in SessionConfirmed");
 						Terminate ();
@@ -960,14 +960,19 @@ namespace transport
 				case eNTCP2BlkRouterInfo:
 				{
 					LogPrint (eLogDebug, "NTCP2: RouterInfo flag=", (int)frame[offset]);	
-					auto newRi = i2p::data::netdb.AddRouterInfo (frame + offset + 1, size - 1);
-					if (newRi)
-					{
-						auto remoteIdentity = GetRemoteIdentity ();
-						if (remoteIdentity && remoteIdentity->GetIdentHash () == newRi->GetIdentHash ())
-							// peer's RouterInfo update
-							SetRemoteIdentity (newRi->GetIdentity ());
+					if (size <= i2p::data::MAX_RI_BUFFER_SIZE + 1)
+					{		
+						auto newRi = i2p::data::netdb.AddRouterInfo (frame + offset + 1, size - 1);
+						if (newRi)
+						{
+							auto remoteIdentity = GetRemoteIdentity ();
+							if (remoteIdentity && remoteIdentity->GetIdentHash () == newRi->GetIdentHash ())
+								// peer's RouterInfo update
+								SetRemoteIdentity (newRi->GetIdentity ());
+						}	
 					}	
+					else
+						LogPrint (eLogInfo, "NTCP2: RouterInfo block is too long ", size);
 					break;
 				}
 				case eNTCP2BlkI2NPMessage:
diff --git a/libi2pd/SSU2Session.cpp b/libi2pd/SSU2Session.cpp
index d98b06c3..192a2db2 100644
--- a/libi2pd/SSU2Session.cpp
+++ b/libi2pd/SSU2Session.cpp
@@ -2937,13 +2937,15 @@ namespace transport
 			i2p::data::GzipInflator inflator;
 			uint8_t uncompressed[i2p::data::MAX_RI_BUFFER_SIZE];
 			size_t uncompressedSize = inflator.Inflate (buf + 2, size - 2, uncompressed, i2p::data::MAX_RI_BUFFER_SIZE);
-			if (uncompressedSize && uncompressedSize < i2p::data::MAX_RI_BUFFER_SIZE)
+			if (uncompressedSize && uncompressedSize <= i2p::data::MAX_RI_BUFFER_SIZE)
 				ri = std::make_shared<i2p::data::RouterInfo>(uncompressed, uncompressedSize);
 			else
 				LogPrint (eLogInfo, "SSU2: RouterInfo decompression failed ", uncompressedSize);
 		}
-		else
+		else if (size <= i2p::data::MAX_RI_BUFFER_SIZE + 2)
 			ri = std::make_shared<i2p::data::RouterInfo>(buf + 2, size - 2);
+		else
+			LogPrint (eLogInfo, "SSU2: RouterInfo is too long ", size);
 		return ri;
 	}