diff --git a/pkg/vm/vm.go b/pkg/vm/vm.go
index c914fd829..8671d5acb 100644
--- a/pkg/vm/vm.go
+++ b/pkg/vm/vm.go
@@ -28,8 +28,12 @@ var (
 const (
 	// MaxArraySize is the maximum array size allowed in the VM.
 	MaxArraySize = 1024
-	maxSHLArg    = 256
-	minSHLArg    = -256
+
+	// MaxItemSize is the maximum item size allowed in the VM.
+	MaxItemSize = 1024 * 1024
+
+	maxSHLArg = 256
+	minSHLArg = -256
 )
 
 // VM represents the virtual machine.
@@ -439,6 +443,9 @@ func (v *VM) execute(ctx *Context, op Instruction, parameter []byte) {
 	case CAT:
 		b := v.estack.Pop().Bytes()
 		a := v.estack.Pop().Bytes()
+		if l := len(a) + len(b); l > MaxItemSize {
+			panic(fmt.Sprintf("too big item: %d", l))
+		}
 		ab := append(a, b...)
 		v.estack.PushVal(ab)
 	case SUBSTR:
diff --git a/pkg/vm/vm_test.go b/pkg/vm/vm_test.go
index d2f09923e..dea4a421f 100644
--- a/pkg/vm/vm_test.go
+++ b/pkg/vm/vm_test.go
@@ -1413,6 +1413,15 @@ func TestCATBadOneArg(t *testing.T) {
 	assert.Equal(t, true, vm.HasFailed())
 }
 
+func TestCATBadBigItem(t *testing.T) {
+	prog := makeProgram(CAT)
+	vm := load(prog)
+	vm.estack.PushVal(make([]byte, MaxItemSize/2+1))
+	vm.estack.PushVal(make([]byte, MaxItemSize/2+1))
+	vm.Run()
+	assert.Equal(t, true, vm.HasFailed())
+}
+
 func TestCATGood(t *testing.T) {
 	prog := makeProgram(CAT)
 	vm := load(prog)