diff --git a/net/icmp/icmp_sendto.c b/net/icmp/icmp_sendto.c
index 8ae05879fa5..cb49320a0bc 100644
--- a/net/icmp/icmp_sendto.c
+++ b/net/icmp/icmp_sendto.c
@@ -317,6 +317,14 @@ ssize_t icmp_sendto(FAR struct socket *psock, FAR const void *buf,
       goto errout;
     }
 
+  /* Sanity check if the request len is greater than the net payload len */
+
+  if (len > NETDEV_PKTSIZE(dev) - (NET_LL_HDRLEN(dev) + IPv4_HDRLEN))
+    {
+      nerr("ERROR: Invalid packet length\n");
+      return -EINVAL;
+    }
+
   /* If we are no longer processing the same ping ID, then flush any pending
    * packets from the read-ahead buffer.
    *
diff --git a/net/icmpv6/icmpv6_sendto.c b/net/icmpv6/icmpv6_sendto.c
index 3ee6881046a..8a275f0139c 100644
--- a/net/icmpv6/icmpv6_sendto.c
+++ b/net/icmpv6/icmpv6_sendto.c
@@ -308,6 +308,14 @@ ssize_t icmpv6_sendto(FAR struct socket *psock, FAR const void *buf,
       goto errout;
     }
 
+  /* Sanity check if the request len is greater than the net payload len */
+
+  if (len > NETDEV_PKTSIZE(dev) - (NET_LL_HDRLEN(dev) + IPv6_HDRLEN))
+    {
+      nerr("ERROR: Invalid packet length\n");
+      return -EINVAL;
+    }
+
   /* If we are no longer processing the same ping ID, then flush any pending
    * packets from the read-ahead buffer.
    *