diff --git a/print-lwres.c b/print-lwres.c
index 1c195a4d68..664146af59 100644
--- a/print-lwres.c
+++ b/print-lwres.c
@@ -291,7 +291,9 @@ lwres_print(netdissect_options *ndo,
 	if (ndo->ndo_vflag || v != LWRES_LWPACKETVERSION_0)
 		ND_PRINT(" v%u", v);
 	if (v != LWRES_LWPACKETVERSION_0) {
-		s = bp + GET_BE_U_4(np->length);
+		uint32_t pkt_len = GET_BE_U_4(np->length);
+		ND_TCHECK_LEN(bp, pkt_len);
+		s = bp + pkt_len;
 		goto tail;
 	}
 
diff --git a/tests/TESTLIST b/tests/TESTLIST
index 94a986e2a0..ed73632b73 100644
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -915,3 +915,4 @@ bgp-ub  bgp-ub.pcap     bgp-ub.out      -v
 fletcher-checksum-negative-shift fletcher-checksum-negative-shift.pcap fletcher-checksum-negative-shift.out     -v
 ip-snmp-leftshift-unsigned      ip-snmp-leftshift-unsigned.pcap      ip-snmp-leftshift-unsigned.out
 ip6-snmp-oid-unsigned   ip6-snmp-oid-unsigned.pcap      ip6-snmp-oid-unsigned.out
+lwres-pointer-arithmetic-ub	lwres-pointer-arithmetic-ub.pcap	lwres-pointer-arithmetic-ub.out
diff --git a/tests/lwres-pointer-arithmetic-ub.out b/tests/lwres-pointer-arithmetic-ub.out
new file mode 100644
index 0000000000..f4953f4b6e
--- /dev/null
+++ b/tests/lwres-pointer-arithmetic-ub.out
@@ -0,0 +1 @@
+    1  14:31:29.364332 IP6 fe80:0:10ff:15:1800:1a00:0:100.921 > a00:300:115:1800:1a00:f4:100:a00.0:  lwres v41634 [|lwres]
diff --git a/tests/lwres-pointer-arithmetic-ub.pcap b/tests/lwres-pointer-arithmetic-ub.pcap
new file mode 100644
index 0000000000..095fcbcba3
Binary files /dev/null and b/tests/lwres-pointer-arithmetic-ub.pcap differ