diff --git a/sys/net/bridgestp.c b/sys/net/bridgestp.c
index 9e3a3e14ecda..d7ef0edbd42e 100644
--- a/sys/net/bridgestp.c
+++ b/sys/net/bridgestp.c
@@ -597,6 +597,20 @@ bstp_received_bpdu(struct bstp_state *bs, struct bstp_port *bp,
 return;
 }
+ /* range checks */
+ if (cu->cu_message_age >= cu->cu_max_age) {
+ return;
+ }
+ if ((cu->cu_max_age < (6 * 256)) || (cu->cu_max_age > (40 * 256))) {
+ return;
+ }
+ if ((cu->cu_forward_delay < (4 * 256)) || (cu->cu_forward_delay > (30 * 256))) {
+ return;
+ }
+ if ((cu->cu_hello_time < 256) || (cu->cu_hello_time> (2 * 256))) {
+ return;
+ }
+
 type = bstp_pdu_rcvtype(bp, cu);
 switch (type) {
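Review bot: The four new early returns in bstp_received_bpdu drop an out-of-range BPDU silently, so a misconfigured or hostile neighbour sending bad timer values looks the same as a quiet link. A per-port drop counter or a rate-limited log at those returns would make the rejections visible to an operator. The limits are written as bare multiples of 256; if the driver header's named timer bounds are in scope here (I believe bridgestp.h defines BSTP_MIN_MAX_AGE, BSTP_MAX_MAX_AGE and siblings, to be confirmed), `if (cu->cu_max_age < BSTP_MIN_MAX_AGE || cu->cu_max_age > BSTP_MAX_MAX_AGE)` keeps them tied to the limits used elsewhere, and the comment should at least state the unit, e.g. `/* reject BPDU timers outside the 802.1D ranges (values presumably in 1/256 s) */`. Each field is checked on its own, so the relations between max age, hello time and forward delay are not enforced; whether that matters depends on how the values are consumed later. The function body starts before and continues past this hunk, so that use is not visible here.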