diff --git a/Misc/NEWS b/Misc/NEWS
index 7a3c22c4832..ac0541b1ad7 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -81,6 +81,8 @@ Core and Builtins
 Library
 -------
 
+- Issue #24917: time_strftime() buffer over-read.
+
 - Issue #23144: Make sure that HTMLParser.feed() returns all the data, even
   when convert_charrefs is True.
 
diff --git a/Modules/timemodule.c b/Modules/timemodule.c
index d0917a40730..d71b3ac872a 100644
--- a/Modules/timemodule.c
+++ b/Modules/timemodule.c
@@ -655,6 +655,8 @@ time_strftime(PyObject *self, PyObject *args)
         outbuf != NULL;
         outbuf = wcschr(outbuf+2, '%'))
     {
+        if (outbuf[1] == L'\0')
+            break;
         /* Issue #19634: On AIX, wcsftime("y", (1899, 1, 1, 0, 0, 0, 0, 0, 0))
            returns "0/" instead of "99" */
         if (outbuf[1] == L'y' && buf.tm_year < 0) {