diff --git a/ChangeLog b/ChangeLog
index 7ac65ee18..4d27320aa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -21,6 +21,8 @@ Security
 * Tighten should-be-constant-time memcmp against compiler optimizations.
 * Ensure that buffers are cleared after use if they contain sensitive data.
 Changes were introduced in multiple places in the library.
+ * Set PEM buffer to zero before freeing it, to avoid decoded private keys
+ being leaked to memory after release.
 Features
 * Allow comments in test data files.
diff --git a/library/pem.c b/library/pem.c
index ea36df882..9c3e60342 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -391,6 +391,8 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
 void mbedtls_pem_free( mbedtls_pem_context *ctx )
 {
+ if( ctx->buf != NULL )
+ mbedtls_zeroize( ctx->buf, ctx->buflen );
 mbedtls_free( ctx->buf );
 mbedtls_free( ctx->info );
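Review bot: The added wipe in `mbedtls_pem_free` takes its length from `ctx->buflen`, so it clears the whole decoded buffer only if `buflen` always equals the size of the data held in `ctx->buf`; that invariant is set outside this hunk and should be stated at the call. I would add a comment above the `if`, for example `/* buf holds decoded (possibly decrypted) key material; buflen must be its full size so the wipe covers all of it */`. `ctx->info` on the last visible line is still freed without being cleared; the hunk does not show what it holds, so confirm it never carries sensitive data. Any error path in `mbedtls_pem_read_buffer` that frees a decoded buffer before storing it in the context would not pass through this wipe; none is visible here, so that is worth checking separately. The body of `mbedtls_pem_free` continues past the end of the hunk.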