diff --git a/components/bt/esp_ble_mesh/mesh_core/proxy_client.c b/components/bt/esp_ble_mesh/mesh_core/proxy_client.c
index 215b443ce..e7870cd25 100644
--- a/components/bt/esp_ble_mesh/mesh_core/proxy_client.c
+++ b/components/bt/esp_ble_mesh/mesh_core/proxy_client.c
@@ -154,6 +154,11 @@ static void proxy_cfg(struct bt_mesh_proxy_server *server)
 u8_t opcode = 0U;
 int err = 0;
+ if (server->buf.len > 29) {
+ BT_ERR("Too large proxy cfg pdu (len %d)", server->buf.len);
+ return;
+ }
+
 err = bt_mesh_net_decode(&server->buf, BLE_MESH_NET_IF_PROXY_CFG, &rx, &buf);
 if (err) {
diff --git a/components/bt/esp_ble_mesh/mesh_core/proxy_server.c b/components/bt/esp_ble_mesh/mesh_core/proxy_server.c
index 5f1ef084f..bf7f5145a 100644
--- a/components/bt/esp_ble_mesh/mesh_core/proxy_server.c
+++ b/components/bt/esp_ble_mesh/mesh_core/proxy_server.c
@@ -292,6 +292,11 @@ static void proxy_cfg(struct bt_mesh_proxy_client *client)
 u8_t opcode = 0U;
 int err = 0;
+ if (client->buf.len > 29) {
+ BT_ERR("Too large proxy cfg pdu (len %d)", client->buf.len);
+ return;
+ }
+
 err = bt_mesh_net_decode(&client->buf, BLE_MESH_NET_IF_PROXY_CFG, &rx, &buf);
 if (err) {
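Review bot: The literal `29` in both new guards (proxy_client.c and proxy_server.c) is not tied to the buffer it protects, so the check goes stale silently if that buffer's size is ever changed. The destination `buf` handed to `bt_mesh_net_decode()` is declared above the hunk and 29 is presumably its capacity; deriving the bound from it, e.g. `if (server->buf.len > net_buf_simple_tailroom(&buf)) {`, or from one named constant shared by both files, keeps guard and buffer in step. Because the identical check is duplicated for both roles, rejecting an over-long input inside `bt_mesh_net_decode()` itself would cover every caller, though its body is not visible here. proxy_cfg() starts and ends outside both hunks.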