diff --git a/THIRD-PARTY b/THIRD-PARTY
index 02ae882..0387e86 100644
--- a/THIRD-PARTY
+++ b/THIRD-PARTY
@@ -2668,7 +2668,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 The following npm package may be included in this product:
- - basic-ftp@5.3.0
+ - basic-ftp@5.3.1
 This package contains the following license:
diff --git a/dist/index.js b/dist/index.js
index 991fb0a..370c7aa 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -52284,6 +52284,7 @@ var require_FtpContext = __commonJS({
 exports2.FTPError = FTPError;
 function doNothing() {
 }
+ var maxControlResponseLength = 2 ** 16;
 var FTPContext = class {
 /**
 * Instantiate an FTP context.
@@ -52501,6 +52502,10 @@ Closing reason: ${this._closingError.stack}`;
 */
 _onControlSocketData(chunk) {
 this.log(`< ${chunk}`);
+ if (this._partialResponse.length + chunk.length > maxControlResponseLength) {
+ this.closeWithError(new Error("FTP control response exceeded maximum allowed size"));
+ return;
+ }
 const completeResponse = this._partialResponse + chunk;
 const parsed = (0, parseControlResponse_1.parseControlResponse)(completeResponse);
 this._partialResponse = parsed.rest;
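Review bot: The new guard in `_onControlSocketData` compares `this._partialResponse.length + chunk.length` with the limit before parsing, so `2 ** 16` caps everything buffered on the control connection (in string-length units, assuming `chunk` is a decoded string as the concatenation below suggests), not a single response as the error message says. A legitimately long multi-line reply, or a chunk that carries several short replies behind a partial one, could now close the connection. I would document that on the constant, for example `// Upper bound on buffered, not yet parsed control-channel text; stops a server that never terminates a reply from growing memory`, and consider checking `parsed.rest.length` after parsing instead. The check also sits after `this.log(...)`, so the rejected chunk is still written to the log. `dist/index.js` appears to be bundled output, so any such change belongs upstream in basic-ftp; the method body continues past the end of the hunk.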