diff --git a/ChangeLog b/ChangeLog
index 9b5e27880..6d32952eb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -78,6 +78,7 @@ Bugfix
    * Avoid use of statically sized stack buffers for certificate writing.
      This previously limited the maximum size of DER encoded certificates
      in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631.
+   * Fix partial zeroing in x509_get_other_name. Found and fixed by ekse, #2716.
 
 API Changes
    * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
diff --git a/library/x509_crt.c b/library/x509_crt.c
index d101bc748..b2c19db68 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1687,7 +1687,7 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
 
     if( p + len >= end )
     {
-        mbedtls_platform_zeroize( other_name, sizeof( other_name ) );
+        mbedtls_platform_zeroize( other_name, sizeof( *other_name ) );
         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
     }
@@ -1709,7 +1709,7 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
 
     if( p + len >= end )
     {
-        mbedtls_platform_zeroize( other_name, sizeof( other_name ) );
+        mbedtls_platform_zeroize( other_name, sizeof( *other_name ) );
         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
     }
@@ -1725,7 +1725,7 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
     if( p != end )
     {
         mbedtls_platform_zeroize( other_name,
-                                  sizeof( other_name ) );
+                                  sizeof( *other_name ) );
         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
     }