diff --git a/ChangeLog.d/fix-asn1write-raw-buffer.txt b/ChangeLog.d/fix-asn1write-raw-buffer.txt
new file mode 100644
index 0000000000..292631aabc
--- /dev/null
+++ b/ChangeLog.d/fix-asn1write-raw-buffer.txt
@@ -0,0 +1,5 @@
+Bugfix
+   * When calling mbedtls_asn1_write_raw_buffer() with NULL, 0 as the last two
+     arguments, undefined behaviour would be triggered, in the form of a call to
+     memcpy(..., NULL, 0). This was harmless in practice, but could trigger
+     complains from sanitizers or static analyzers.
diff --git a/library/asn1write.c b/library/asn1write.c
index 415357b7b5..97f9db039b 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -90,7 +90,9 @@ int mbedtls_asn1_write_raw_buffer(unsigned char **p, const unsigned char *start,
 
     len = size;
     (*p) -= len;
-    memcpy(*p, buf, len);
+    if (len != 0) {
+        memcpy(*p, buf, len);
+    }
 
     return (int) len;
 }