1. Home
  2. Weaknesses
  3. CWE-395

CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference

ID CWE-395
Abstraction Base
Structure Simple
Status Draft
Number of CVEs 12
Detail Dashboard Vulnerabilities Web & Social
Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.

Programmers typically catch NullPointerException under three circumstances:

  • The program contains a null pointer dereference. Catching the resulting exception was easier than fixing the underlying problem.
  • The program explicitly throws a NullPointerException to signal an error condition.
  • The code is part of a test harness that supplies unexpected input to the classes under test.

Of these three circumstances, only the last is acceptable.

Modes of Introduction

Phase Note
Implementation

Applicable Platforms

Type Class Name Prevalence
Language Java

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-705 Incorrect Control Flow Scoping Class Simple Incomplete
CWE-1000 Research Concepts Draft CWE-755 Improper Handling of Exceptional Conditions Class Simple Incomplete

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date