DoS Disclosure: LND Onion Bomb

@ariard the issue was that a buffer was preallocated based on the encoded length. So it’s not that they can send a message larger than the max size (protocol prevents that at the wire level); instead, eager preallocation caused lnd to allocate a large amount of memory.

A BigSize varint is used in the wire encoding, so the length prefix can be a value larger than 65535.

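The two decoder patterns the reply contrasts, as an added Go example (not lnd's code): a BigSize length prefix is decoded per BOLT-1, `eagerAllocSize` shows how much a decoder that sizes its buffer from the untrusted prefix would allocate, and `readVarBytesBounded` rejects any declared length above a limit before touching the allocator. The 65535-byte limit, the function names, and the constructed sample inputs are assumptions for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// maxMsgSize is the wire-level message ceiling assumed for this example.
const maxMsgSize = 65535

var errNonCanonical = errors.New("bigsize: non-canonical encoding")

// decodeBigSize reads one BOLT-1 BigSize varint and enforces minimal encoding.
func decodeBigSize(r io.Reader) (uint64, error) {
	var b [8]byte
	if _, err := io.ReadFull(r, b[:1]); err != nil {
		return 0, err
	}
	switch b[0] {
	case 0xfd:
		if _, err := io.ReadFull(r, b[:2]); err != nil {
			return 0, err
		}
		v := uint64(binary.BigEndian.Uint16(b[:2]))
		if v < 0xfd {
			return 0, errNonCanonical
		}
		return v, nil
	case 0xfe:
		if _, err := io.ReadFull(r, b[:4]); err != nil {
			return 0, err
		}
		v := uint64(binary.BigEndian.Uint32(b[:4]))
		if v < 0x10000 {
			return 0, errNonCanonical
		}
		return v, nil
	case 0xff:
		if _, err := io.ReadFull(r, b[:8]); err != nil {
			return 0, err
		}
		v := binary.BigEndian.Uint64(b[:8])
		if v < 0x100000000 {
			return 0, errNonCanonical
		}
		return v, nil
	default:
		return uint64(b[0]), nil
	}
}

// encodeBigSize produces the minimal BigSize encoding; used here to build sample inputs.
func encodeBigSize(v uint64) []byte {
	switch {
	case v < 0xfd:
		return []byte{byte(v)}
	case v <= 0xffff:
		b := make([]byte, 3)
		b[0] = 0xfd
		binary.BigEndian.PutUint16(b[1:], uint16(v))
		return b
	case v <= 0xffffffff:
		b := make([]byte, 5)
		b[0] = 0xfe
		binary.BigEndian.PutUint32(b[1:], uint32(v))
		return b
	default:
		b := make([]byte, 9)
		b[0] = 0xff
		binary.BigEndian.PutUint64(b[1:], v)
		return b
	}
}

// eagerAllocSize mirrors the defective pattern: it trusts the prefix and returns the
// number of bytes a decoder doing `make([]byte, n)` would reserve. It returns the size
// instead of allocating so the effect can be shown without consuming memory.
func eagerAllocSize(encoded []byte) (uint64, error) {
	return decodeBigSize(bytes.NewReader(encoded))
}

// readVarBytesBounded is the hardened form: the declared length is checked against
// maxLen before any buffer is sized, so the prefix alone can never drive allocation.
func readVarBytesBounded(r io.Reader, maxLen uint64) ([]byte, error) {
	n, err := decodeBigSize(r)
	if err != nil {
		return nil, err
	}
	if n > maxLen {
		return nil, fmt.Errorf("declared length %d exceeds limit %d", n, maxLen)
	}
	buf := make([]byte, n)
	if _, err := io.ReadFull(r, buf); err != nil {
		return nil, err
	}
	return buf, nil
}

func main() {
	// Constructed sample: a prefix declaring 4 GiB with only two payload bytes behind it.
	oversized := append(encodeBigSize(4<<30), 0x00, 0x00)
	n, _ := eagerAllocSize(oversized)
	fmt.Printf("eager decoder would allocate %d bytes\n", n)
	_, err := readVarBytesBounded(bytes.NewReader(oversized), maxMsgSize)
	fmt.Println("bounded decoder:", err)
}
```

The check belongs before the allocation, not after the read: a decoder that reads into a growing buffer with `io.LimitReader` would also be safe, but the simplest fix is to never let a value taken from the wire choose the buffer size without comparing it to what the protocol allows at that point.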