OVAL

DSA-2276-1 asterisk -- multiple denial of service

ID: oval:org.secpod.oval:def:600587
Date: (C)2011-07-12   (M)2022-10-10
Class: PATCH
Family: unix




Paul Belanger reported a vulnerability in Asterisk, identified as AST-2011-008, through which an unauthenticated attacker may crash an Asterisk server remotely. A packet containing a null character causes the SIP header parser to alter unrelated memory structures.

Jared Mauch reported a vulnerability in Asterisk, identified as AST-2011-009, through which an unauthenticated attacker may crash an Asterisk server remotely. If a user sends a packet with a Contact header that is missing its left angle bracket, the server will crash. A possible workaround is to disable chan_sip.

The vulnerability identified as AST-2011-010 is an input validation error in the IAX2 channel driver. An unauthenticated attacker may crash an Asterisk server remotely by sending a crafted option control frame.

Platform:
Debian 5.0
Debian 6.0
Product:
asterisk
Reference:
DSA-2276-1
CVE-2011-2529
CVE-2011-2535
CVE (2):
CVE-2011-2535
CVE-2011-2529
CPE (3):
cpe:/a:asterisk:asterisk
cpe:/o:debian:debian_linux:5.0
cpe:/o:debian:debian_linux:6.0

© SecPod Technologies