diff --git a/src/srtp/srtcp.c b/src/srtp/srtcp.c
index 4f8ed9e67..4be0cc169 100644
--- a/src/srtp/srtcp.c
+++ b/src/srtp/srtcp.c
@@ -172,6 +172,9 @@ int srtcp_decrypt(struct srtp *srtp, struct mbuf *mb)
 		uint8_t tag_pkt[SHA_DIGEST_LENGTH] = {0};
 		const size_t tag_start = mb->pos;
 
+		if (rtcp->tag_len > SHA_DIGEST_LENGTH)
+			return ERANGE;
+
 		err = mbuf_read_mem(mb, tag_pkt, rtcp->tag_len);
 		if (err)
 			return err;