diff --git a/udp_mux_test.go b/udp_mux_test.go
index 296438c..b06b95d 100644
--- a/udp_mux_test.go
+++ b/udp_mux_test.go
@@ -402,6 +402,20 @@ func TestUDPMuxedConn_WriteTo_newIPPortError(t *testing.T) {
 	require.Error(t, err)
 }
 
+func TestUDPMuxedConn_WriteTo_InvalidPort(t *testing.T) {
+	conn := secondTestMuxedConn(t, 64)
+
+	raddr := &net.UDPAddr{IP: net.IPv4(1, 2, 3, 4), Port: -1}
+	n, err := conn.WriteTo([]byte("x"), raddr)
+	require.Equal(t, 0, n)
+	require.ErrorIs(t, err, ErrPort)
+
+	raddr = &net.UDPAddr{IP: net.IPv4(1, 2, 3, 4), Port: 0x10000}
+	n, err = conn.WriteTo([]byte("x"), raddr)
+	require.Equal(t, 0, n)
+	require.ErrorIs(t, err, ErrPort)
+}
+
 func TestUDPMuxedConn_SetDeadlines(t *testing.T) {
 	conn := secondTestMuxedConn(t, 64)
 
diff --git a/udp_muxed_conn.go b/udp_muxed_conn.go
index d8409e0..c9f4d26 100644
--- a/udp_muxed_conn.go
+++ b/udp_muxed_conn.go
@@ -103,8 +103,11 @@ func (c *udpMuxedConn) WriteTo(buf []byte, rAddr net.Addr) (n int, err error) {
 		return 0, errFailedToCastUDPAddr
 	}
 
-	//nolint:gosec // TODO add port validation G115
-	ipAndPort, err := newIPPort(netUDPAddr.IP, netUDPAddr.Zone, uint16(netUDPAddr.Port))
+	port := netUDPAddr.Port
+	if port < 0 || port > 0xFFFF {
+		return 0, ErrPort
+	}
+	ipAndPort, err := newIPPort(netUDPAddr.IP, netUDPAddr.Zone, uint16(port))
 	if err != nil {
 		return 0, err
 	}