diff --git a/cid.go b/cid.go
index 68f1c01..2fd43e7 100644
--- a/cid.go
+++ b/cid.go
@@ -3,6 +3,7 @@ package cid
 import (
 	"bytes"
 	"encoding/binary"
+	"errors"
 	"fmt"
 	"strings"
 
@@ -88,6 +89,23 @@ func Decode(v string) (*Cid, error) {
 	return Cast(data)
 }
 
+var (
+	ErrVarintBuffSmall = errors.New("reading varint: buffer to small")
+	ErrVarintTooBig    = errors.New("reading varint: varint bigger than 64bits" +
+		" and not supported")
+)
+
+func uvError(read int) error {
+	switch {
+	case read == 0:
+		return ErrVarintBuffSmall
+	case read < 0:
+		return ErrVarintTooBig
+	default:
+		return nil
+	}
+}
+
 func Cast(data []byte) (*Cid, error) {
 	if len(data) == 34 && data[0] == 18 && data[1] == 32 {
 		h, err := mh.Cast(data)
@@ -103,11 +121,18 @@ func Cast(data []byte) (*Cid, error) {
 	}
 
 	vers, n := binary.Uvarint(data)
+	if err := uvError(n); err != nil {
+		return nil, err
+	}
+
 	if vers != 0 && vers != 1 {
 		return nil, fmt.Errorf("invalid cid version number: %d", vers)
 	}
 
 	codec, cn := binary.Uvarint(data[n:])
+	if err := uvError(cn); err != nil {
+		return nil, err
+	}
 
 	rest := data[n+cn:]
 	h, err := mh.Cast(rest)