CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference
ID
CWE-395
Abstraction
Base
Structure
Simple
Status
Draft
Number of CVEs
12
Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.
Programmers typically catch NullPointerException under three circumstances:
- The program contains a null pointer dereference. Catching the resulting exception was easier than fixing the underlying problem.
- The program explicitly throws a NullPointerException to signal an error condition.
- The code is part of a test harness that supplies unexpected input to the classes under test.
Of these three circumstances, only the last is acceptable.
Modes of Introduction
Phase | Note |
---|---|
Implementation |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | Java |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...