CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference

BaseDraft

Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.

View on MITRE
Back to CWE Lookup

Extended Description

Programmers typically catch NullPointerException under three circumstances: The program contains a null pointer dereference. Catching the resulting exception was easier than fixing the underlying problem. The program explicitly throws a NullPointerException to signal an error condition. The code is part of a test harness that supplies unexpected input to the classes under test. Of these three circumstances, only the last is acceptable.

Technical Details

Structure
Simple

Applicable To

Languages
Java
Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-395

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references

CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference | CWE Lookup | Inventive HQ