diff --git a/ChangeLog b/ChangeLog
index a46100878..23b62b4e9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -74,6 +74,7 @@ Bugfix
 irwir.
 * Enable Suite B with subset of ECP curves. Make sure the code compiles even if some curves are not defined. Fixes #1591 reported by dbedev.
+ * Fix partial zeroing in x509_get_other_name. Found and fixed by ekse, #2716.
 API Changes
 * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
diff --git a/library/x509_crt.c b/library/x509_crt.c
index d101bc748..b2c19db68 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1687,7 +1687,7 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
 if( p + len >= end ) {
- mbedtls_platform_zeroize( other_name, sizeof( other_name ) );
+ mbedtls_platform_zeroize( other_name, sizeof( *other_name ) );
 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); }
@@ -1709,7 +1709,7 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
 if( p + len >= end ) {
- mbedtls_platform_zeroize( other_name, sizeof( other_name ) );
+ mbedtls_platform_zeroize( other_name, sizeof( *other_name ) );
 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); }
@@ -1725,7 +1725,7 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
 if( p != end ) { mbedtls_platform_zeroize( other_name,
- sizeof( other_name ) );
+ sizeof( *other_name ) );
 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); }
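Review bot: The length checks `if( p + len >= end )` in the first two x509_crt.c hunks form the pointer `p + len` from a length read out of the certificate before it is known to fit, which is undefined behaviour in C if `len` exceeds the bytes remaining. If the preceding tag/length parse (outside these hunks) does not already bound `len` by `end - p`, the comparison is safer written as `if( len >= (size_t)( end - p ) )`. Separately, the same zeroize-and-return sequence appears in all three hunks, which is how the `sizeof( other_name )` slip came to be repeated three times; a single cleanup path, or a short comment such as `/* wipe the whole struct, not pointer-sized bytes */`, would make a recurrence less likely. The body of x509_get_other_name starts and ends outside the hunks.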