diff --git a/src/vlserver/vldbint.xg b/src/vlserver/vldbint.xg
index d97e092c48..d955a0da51 100644
--- a/src/vlserver/vldbint.xg
+++ b/src/vlserver/vldbint.xg
@@ -200,7 +200,12 @@ const VLOP_DUMP        = 0x100;
 typedef	vldbentry bulkentries<>;
 typedef	nvldbentry nbulkentries<>;
 typedef	uvldbentry ubulkentries<>;
-typedef afs_uint32 bulkaddrs<>;
+/*
+ * 500 is an arbitrary implementation limit, larger than what we support storing.
+ * It lets the XDR decoder detect an attack (excessively large input) and reject
+ * it without incurring excessive resource usage.
+ */
+typedef afs_uint32 bulkaddrs<500>;
 
 struct VLCallBack {
     afs_uint32 CallBackVersion;