diff --git a/ChangeLog b/ChangeLog
index 8ab4dbfbc7..0d9faf49b1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -21,6 +21,8 @@ Security
    * Tighten should-be-constant-time memcmp against compiler optimizations.
    * Ensure that buffers are cleared after use if they contain sensitive data.
      Changes were introduced in multiple places in the library.
+   * Set PEM buffer to zero before freeing it, to avoid decoded private keys
+     being leaked to memory after release.
 
 Bugfix
    * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
diff --git a/library/pem.c b/library/pem.c
index ea36df8823..9c3e603424 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -391,6 +391,8 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
 
 void mbedtls_pem_free( mbedtls_pem_context *ctx )
 {
+    if( ctx->buf != NULL )
+        mbedtls_zeroize( ctx->buf, ctx->buflen );
     mbedtls_free( ctx->buf );
     mbedtls_free( ctx->info );