diff --git a/lib/hd/common.js b/lib/hd/common.js index df7d65ae..e39f77f3 100644 --- a/lib/hd/common.js +++ b/lib/hd/common.js @@ -52,32 +52,39 @@ common.cache = new LRU(500); common.parsePath = function parsePath(path, hard) { assert(typeof path === 'string'); assert(typeof hard === 'boolean'); + assert(path.length >= 1); + assert(path.length <= 3062); const parts = path.split('/'); - const root = parts.shift(); + const root = parts[0]; if (root !== 'm' && root !== 'M' && root !== 'm\'' && root !== 'M\'') { - throw new Error('Bad path root.'); + throw new Error('Invalid path root.'); } const result = []; - for (let part of parts) { + for (let i = 1; i < parts.length; i++) { + let part = parts[i]; + const hardened = part[part.length - 1] === '\''; if (hardened) part = part.slice(0, -1); + if (part.length > 10) + throw new Error('Path index too large.'); + if (!/^\d+$/.test(part)) - throw new Error('Non-number path index.'); + throw new Error('Path index is non-numeric.'); let index = parseInt(part, 10); if ((index >>> 0) !== index) - throw new Error('Index out of range.'); + throw new Error('Path index out of range.'); if (hardened) { index |= common.HARDENED; @@ -85,7 +92,7 @@ common.parsePath = function parsePath(path, hard) { } if (!hard && (index & common.HARDENED)) - throw new Error('Cannot derive hardened.'); + throw new Error('Path index cannot be hardened.'); result.push(index); }
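Review bot: The range check `(index >>> 0) !== index` in the first hunk still admits any value up to 0xffffffff before the hardened flag is OR-ed in, so a part such as `2147483648'` appears to parse to the same index as `0'` (assuming `common.HARDENED` is the top bit; its definition is outside the hunk). Two spellings of one child index make string-level path comparison or allowlisting unreliable, so I would reject the collision just before the `index |= common.HARDENED` line: `if (hardened && (index & common.HARDENED)) throw new Error('Path index out of range.');`. Separately, the new limits 3062 and 10 are unexplained; a comment such as `// 2 (root) + 255 levels * 12 chars ("/" + 10 digits + "'")` would record where 3062 comes from, if that is the intended derivation. Note also that the length cap alone does not limit depth to 255, since short parts allow far more levels. The body of parsePath continues past the end of this hunk.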