diff -aur a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
--- a/lib/gnutls_handshake.c	2012-01-06 20:06:23.000000000 +0100
+++ b/lib/gnutls_handshake.c	2014-06-16 23:06:37.599605545 +0200
@@ -1797,7 +1797,7 @@
   DECR_LEN (len, 1);
   session_id_len = data[pos++];
 
-  if (len < session_id_len)
+  if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
     {
       gnutls_assert ();
       return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
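Review bot: The new upper bound on `session_id_len` has no comment saying what it protects, and the rejection still returns `GNUTLS_E_UNSUPPORTED_VERSION_PACKET`, which reports a length violation as a version problem. `session_id_len` is a single byte read from the peer's message, so it can be as large as 255. The code that consumes it is outside this hunk, but it presumably copies into storage of `TLS_MAX_SESSION_ID_SIZE` bytes, so a comment such as `/* peer-controlled length: must fit the fixed-size session ID storage */` above the check would keep the bound from being dropped in a later cleanup. Consider returning `GNUTLS_E_UNEXPECTED_PACKET_LENGTH` for the oversized case so that logs and alerts point at the malformed field. The enclosing function begins and ends outside the hunk.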
