diff --git a/CHANGES b/CHANGES
index 8f2aa3e19c..fd9140107a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+4165.	[bug]		An failure to reset a value to NULL in tkey.c could
+			result in an assertion failure. (CVE-2015-5477)
+			[RT #40046]
+
 4164.	[bug]		Don't rename slave files and journals on out of memory.
 			[RT #40033]
 
diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c
index c442914685..b8eb83a9be 100644
--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@@ -649,6 +649,7 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
 		 * Try the answer section, since that's where Win2000
 		 * puts it.
 		 */
+		name = NULL;
 		if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
 					 dns_rdatatype_tkey, 0, &name,
 					 &tkeyset) != ISC_R_SUCCESS) {