diff --git a/base/applications/regedit/find.c b/base/applications/regedit/find.c
index df5c0959347..c970a53cf51 100644
--- a/base/applications/regedit/find.c
+++ b/base/applications/regedit/find.c
@@ -223,7 +223,7 @@ BOOL RegFindRecurse(
 NULL, &cb);
 if (lResult != ERROR_SUCCESS)
 goto err;
- pb = malloc(cb);
+ pb = malloc(cb + 3); /* To avoid buffer overrun, append 3 NULs */
 if (pb == NULL)
 goto err;
 lResult = RegQueryValueExW(hSubKey, ppszNames[i], NULL, &type,
@@ -231,6 +231,11 @@ BOOL RegFindRecurse(
 if (lResult != ERROR_SUCCESS)
 goto err;
 
+ /* To avoid buffer overrun, append 3 NUL bytes.
+ NOTE: cb can be an odd number although UNICODE_NULL is two bytes.
+ Two bytes at odd position is not enough to avoid buffer overrun. */
+ pb[cb] = pb[cb + 1] = pb[cb + 2] = 0;
+
 if ((s_dwFlags & RSF_LOOKATDATA) &&
 CompareData(type, (LPWSTR) pb, s_szFindWhat))
 {
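Review bot: The comment on the added `pb = malloc(cb + 3);` line is misleading: malloc only reserves the slack, the NUL bytes are written later, after the second RegQueryValueExW call, so I would phrase it as `/* +3: room for the NUL padding written after RegQueryValueExW below */`. The literal 3 is repeated at the site that writes the padding in the next hunk, so a named constant such as `#define NUL_PAD 3` (or a `2 * sizeof(WCHAR) + 1` expression if the padding is widened) keeps the two places in sync. Since cb is the DWORD filled in by the size-query RegQueryValueExW call above, `cb + 3` wraps for cb above 0xFFFFFFFC; that is not a realistic registry value size, but `if (cb > MAXDWORD - 3) goto err;` before the malloc is a cheap guard. RegFindRecurse begins and continues outside this hunk.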
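Review bot: Three NUL bytes guarantee one aligned UNICODE_NULL after the data but not the empty string that terminates a REG_MULTI_SZ: with cb even, the WCHAR at pb+cb+2 spans pb[cb+3], which is past the allocation, so if CompareData walks MULTI_SZ data string by string (its body is not in this hunk, and `type` is passed next to the `(LPWSTR) pb` cast, so it presumably dispatches on the value type) it can still read out of bounds. Widening the slack to `2 * sizeof(WCHAR) + 1` bytes and zeroing it with `memset(pb + cb, 0, 2 * sizeof(WCHAR) + 1);` covers both alignments for REG_SZ and REG_MULTI_SZ, with the malloc in the previous hunk grown by the same amount. The padding is written after RegQueryValueExW has updated cb to the byte count actually stored, so it lands inside the buffer only as long as the second call's size argument, which is outside the hunk, is the same cb that was passed to malloc; worth confirming. The more robust fix remains passing cb into CompareData and comparing bounded, since non-string types are cast to LPWSTR here as well.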