diff --git a/rfc9114.md b/rfc9114.md
index 8a399ac4d9..135ccb86c2 100644
--- a/rfc9114.md
+++ b/rfc9114.md
@@ -1838,8 +1838,8 @@ or response containing an invalid field name into an HTTP/1.1 message.
 
 Similarly, HTTP/3 can transport field values that are not valid. While most
 values that can be encoded will not alter field parsing, carriage return (CR,
-ASCII 0x0d), line feed (LF, ASCII 0x0d), and the zero character (NUL, ASCII
-0x0d) might be exploited by an attacker if they are translated verbatim. Any
+ASCII 0x0d), line feed (LF, ASCII 0x0a), and the zero character (NUL, ASCII
+0x00) might be exploited by an attacker if they are translated verbatim. Any
 request or response that contains a character not permitted in a field value
 MUST be treated as malformed ({{malformed}}).  Valid characters are defined by
 the "field-content" ABNF rule in {{Section 5.5 of HTTP}}.