diff --git a/apps/s_cb.c b/apps/s_cb.c
index fdb10b4b4..4b386ff93 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -915,8 +915,8 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
 int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
                            unsigned int cookie_len)
 {
-    unsigned char result[EVP_MAX_MD_SIZE];
-    unsigned int resultlength;
+    unsigned char result[EVP_MAX_MD_SIZE] = {0};
+    unsigned int resultlength = 0;
 
     /* Note: we check cookie_initialized because if it's not,
      * it cannot be valid */
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index ba9268138..ce8663647 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -1174,6 +1174,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
         return 0;
     }
 
+    memset(&p, 0, sizeof(p));
     BN_CTX_start(ctx);
 
     if (scalar) {
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 6168093aa..393abed0e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2169,6 +2169,7 @@ int SSL_shutdown(SSL *s)
         if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
             struct ssl_async_args args;
 
+            memset(&args, 0, sizeof(args));
             args.s = s;
             args.type = OTHERFUNC;
             args.f.func_other = s->method->ssl_shutdown;
@@ -3864,6 +3865,7 @@ int SSL_do_handshake(SSL *s)
         if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
             struct ssl_async_args args;
 
+            memset(&args, 0, sizeof(args));
             args.s = s;
 
             ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);