diff --git a/lib/aes.js b/lib/aes.js
index aa300a1..099e16c 100644
--- a/lib/aes.js
+++ b/lib/aes.js
@@ -149,7 +149,17 @@ class AesGcm extends Aes {
 
     const decipher = crypto.createDecipheriv(
       this.ALGO_AES_256_GCM, key, iv
-    ).setAuthTag(tag).setAAD(Buffer.from(aad))
+    )
+
+    // Restrict valid GCM tag length, patches for Node < 11.0.0
+    // more @see https://github.com/nodejs/node/pull/20039
+    const tagLen = tag.length
+    if (tagLen > 16 || (tagLen < 12 && tagLen != 8 && tagLen != 4)) {
+      let backport = new TypeError(`Invalid authentication tag length: ${tagLen}`)
+      backport.code = 'ERR_CRYPTO_INVALID_AUTH_TAG'
+      throw backport
+    }
+    decipher.setAuthTag(tag).setAAD(Buffer.from(aad))
 
     return Buffer.concat([
       decipher.update(payload, this.hex),
diff --git a/tests/lib/aes.test.js b/tests/lib/aes.test.js
index 5351722..fbfb7dd 100644
--- a/tests/lib/aes.test.js
+++ b/tests/lib/aes.test.js
@@ -226,8 +226,8 @@ describe('lib/aes', () => {
       should(() => {
         aes.decrypt(mockupIv, mockupKey, '')
       }).throw(Error, {
+        code: 'ERR_CRYPTO_INVALID_AUTH_TAG',
         message: 'Invalid authentication tag length: 0',
-        stack: /at Decipheriv\.setAuthTag/,
       })
     })