diff --git a/sshbn.c b/sshbn.c
index 42923ac0..8da7d8a0 100644
--- a/sshbn.c
+++ b/sshbn.c
@@ -1260,6 +1260,7 @@ Bignum bignum_random_in_range(const Bignum lower, const Bignum upper)
 
         ret = bignum_from_bytes(bytes, upper_bytes);
     } while (bignum_cmp(ret, lower) < 0 || bignum_cmp(ret, upper) > 0);
+    smemclr(bytes, upper_bytes);
     sfree(bytes);
 
     return ret;