diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c
index 5aa10fc4de..7959c1c01f 100644
--- a/src/network/netdev/wireguard.c
+++ b/src/network/netdev/wireguard.c
@@ -498,24 +498,18 @@ static int wireguard_decode_key_and_warn(
                 (void) warn_file_is_world_accessible(filename, NULL, unit, line);
 
         r = unbase64mem_full(rvalue, strlen(rvalue), true, &key, &len);
-        if (r < 0) {
-                log_syntax(unit, LOG_ERR, filename, line, r,
+        if (r < 0)
+                return log_syntax(unit, LOG_ERR, filename, line, r,
                            "Failed to decode wireguard key provided by %s=, ignoring assignment: %m", lvalue);
-                goto finalize;
-        }
         if (len != WG_KEY_LEN) {
-                log_syntax(unit, LOG_ERR, filename, line, 0,
+                explicit_bzero_safe(key, len);
+                return log_syntax(unit, LOG_ERR, filename, line, 0,
                            "Wireguard key provided by %s= has invalid length (%zu bytes), ignoring assignment.",
                            lvalue, len);
-                goto finalize;
         }
 
         memcpy(ret, key, WG_KEY_LEN);
-        r = 0;
-
-finalize:
-        explicit_bzero_safe(key, len);
-        return r;
+        return 0;
 }
 
 int config_parse_wireguard_private_key(
diff --git a/test/fuzz/fuzz-netdev-parser/oss-fuzz-14157 b/test/fuzz/fuzz-netdev-parser/oss-fuzz-14157
new file mode 100644
index 0000000000..d3a65e1fed
--- /dev/null
+++ b/test/fuzz/fuzz-netdev-parser/oss-fuzz-14157
@@ -0,0 +1,5 @@
+[NetDev]
+Name=w
+Kind=wireguard
+[WireGuardPeer]
+PublicKey=e
\ No newline at end of file
diff --git a/test/fuzz/fuzz-netdev-parser/oss-fuzz-14158 b/test/fuzz/fuzz-netdev-parser/oss-fuzz-14158
new file mode 100644
index 0000000000..6f6bf723b4
--- /dev/null
+++ b/test/fuzz/fuzz-netdev-parser/oss-fuzz-14158
@@ -0,0 +1,5 @@
+[NetDev]
+Name=w
+Kind=wireguard
+[WireGuard]
+PrivateKey=E
\ No newline at end of file