diff --git a/ChangeLog b/ChangeLog
index d33369272..6ac3e781b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -46,6 +46,9 @@ Bugfix
 for the parameter.
 * Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl sni entry parameter. Reported by inestlerode in #560.
+ * Set the next sequence of the subject_alt_name to NULL when deleting
+ sequence on failure. Found and fix suggested by Philippe Antoine.
+ Credit to OSS-Fuzz.
 API Changes
 * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 708dbf771..dfd22f6e5 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -681,6 +681,7 @@ static int x509_get_subject_alt_name( unsigned char **p,
 sizeof( mbedtls_x509_sequence ) );
 mbedtls_free( seq_prv );
 }
+ subject_alt_name->next = NULL;
 return( ret );
 }
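Review bot: The added `subject_alt_name->next = NULL;` in the x509_get_subject_alt_name error path has no comment saying why it is needed, so a later refactor could drop it and reintroduce the dangling pointer. I would put `/* The chain was freed above; clear the link so later cleanup of the certificate does not walk or free it again. */` directly above the assignment. Presumably the caller's cleanup walks this list, which would make the stale link a use-after-free or double free, but that code is outside the hunk, as are the start and end of the function. The diff as shown touches only ChangeLog and library/x509_crt.c, so a regression test that parses a certificate with a malformed later subjectAltName entry and then frees it would be worth adding alongside.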