diff --git a/src/h1.c b/src/h1.c
index 3330a5fcb..88a54c4a5 100644
--- a/src/h1.c
+++ b/src/h1.c
@@ -834,6 +834,10 @@ int h1_headers_to_hdr_list(char *start, const char *stop,
 if (likely(*ptr == ':')) {
 col = ptr - start;
+ if (col <= sol) {
+ state = H1_MSG_HDR_NAME;
+ goto http_msg_invalid;
+ }
 EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_l1_sp, http_msg_ood, state, H1_MSG_HDR_L1_SP);
 }
diff --git a/src/hpack-dec.c b/src/hpack-dec.c
index 147021cc3..052a7c3da 100644
--- a/src/hpack-dec.c
+++ b/src/hpack-dec.c
@@ -420,6 +420,15 @@ int hpack_decode_frame(struct hpack_dht *dht, const uint8_t *raw, uint32_t len,
 /* and are correctly filled here */
 }
+ /* We must not accept empty header names (forbidden by the spec and used
+ * as a list termination).
+ */
+ if (!name.len) {
+ hpack_debug_printf("##ERR@%d##\n", __LINE__);
+ ret = -HPACK_ERR_INVALID_ARGUMENT;
+ goto leave;
+ }
+
 /* here's what we have here :
 * - name.len > 0
 * - value is filled with either const data or data allocated from tmp
diff --git a/src/qpack-dec.c b/src/qpack-dec.c
index 0da6cf89a..2d8115645 100644
--- a/src/qpack-dec.c
+++ b/src/qpack-dec.c
@@ -531,6 +531,15 @@ int qpack_decode_fs(const unsigned char *raw, uint64_t len, struct buffer *tmp,
 len -= value_len;
 }
+ /* We must not accept empty header names (forbidden by the spec and used
+ * as a list termination).
+ */
+ if (!name.len) {
+ qpack_debug_printf(stderr, "##ERR@%d\n", __LINE__);
+ ret = -QPACK_DECOMPRESSION_FAILED;
+ goto out;
+ }
+
 list[hdr_idx].n = name;
 list[hdr_idx].v = value;
 ++hdr_idx;
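Review bot: The new `if (col <= sol)` test in h1_headers_to_hdr_list carries no comment, while the matching checks added to src/hpack-dec.c and src/qpack-dec.c in this same diff explain themselves. I would put `/* reject an empty header name (the colon starts the line); an empty name is also what terminates the header list */` above it, plus a word on why `state` is assigned before the jump, since without one the assignment reads as dead code. `sol` and `col` are set outside the hunk, so reading `col == sol` as a zero-length name is inferred from their names and from `col = ptr - start`. No test change is visible in this diff; a regression test that expects a rejection on each of the three protocols would keep the parsers from drifting apart.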
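Review bot: The comment on the `if (!name.len)` check in hpack_decode_frame says an empty name is "used as a list termination" but not what that means for a message that carries one, which is the security-relevant part. Something like `/* an empty name would be taken as end-of-list by code walking the list, so every header after it would be silently ignored */` states the risk; that is my reading of the existing comment, so confirm it against the list consumers. The same wording applies to the identical comment in the src/qpack-dec.c hunk. The rejection is reported only through `hpack_debug_printf`, so if that macro is compiled out in normal builds, check that the caller logs or counts the `-HPACK_ERR_INVALID_ARGUMENT` return. The `leave` label and the caller's handling are outside the hunk.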