CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference

low-risk

Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.
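The pattern the entry describes, written out as an added illustration (this is not code from the CWE entry or from any real project; Java 17 is assumed, and the User/Profile records, the greeting template and the helper names are constructed for the example). The catch-based variant "detects" a missing profile by letting the dereference blow up, which costs an exception object and a stack-trace capture on every miss and, worse, swallows any other NullPointerException raised further down the call chain. The check-based variants make the one legitimately absent field explicit and let a genuine defect surface.

```java
import java.util.Objects;
import java.util.Optional;

public class Cwe395Example {

    // Assumed domain model (not from the CWE entry): a user's profile may be absent.
    record Profile(String displayName) {}
    record User(String login, Profile profile) {}

    // Hypothetical greeting template; main() nulls it later to plant a defect
    // that has nothing to do with the User being greeted.
    static String template = "Hello, %s";

    static String formatGreeting(String name) {
        return String.format(template, name); // throws NullPointerException when template is null
    }

    // WEAK (CWE-395): the null case is "detected" by catching the exception.
    // Every miss builds an exception with a stack trace, and any NPE thrown
    // inside formatGreeting() is silently turned into the fallback greeting.
    static String greetingWithCatch(User user) {
        try {
            return formatGreeting(user.profile().displayName());
        } catch (NullPointerException e) {
            return "Hello, anonymous";
        }
    }

    // HARDENED: test the nullable fields directly. A null User is a caller bug,
    // so it is rejected as a precondition rather than handled as a normal case.
    static String greetingWithCheck(User user) {
        Objects.requireNonNull(user, "user must not be null");
        Profile profile = user.profile();
        if (profile == null || profile.displayName() == null) {
            return "Hello, anonymous";
        }
        return formatGreeting(profile.displayName());
    }

    // Same contract expressed with Optional, for call sites that already model absence.
    static String greetingWithOptional(User user) {
        Objects.requireNonNull(user, "user must not be null");
        return Optional.ofNullable(user.profile())
                .map(Profile::displayName)          // null displayName becomes Optional.empty()
                .map(Cwe395Example::formatGreeting)
                .orElse("Hello, anonymous");
    }

    public static void main(String[] args) {
        User alice = new User("alice", new Profile("Alice"));
        User bob = new User("bob", null);            // legitimately has no profile

        System.out.println(greetingWithCatch(alice));
        System.out.println(greetingWithCatch(bob));
        System.out.println(greetingWithCheck(bob));
        System.out.println(greetingWithOptional(bob));

        template = null; // plant a defect deeper in the call chain
        // The catch-based version now returns the anonymous greeting for Alice,
        // masking the broken template instead of reporting it.
        System.out.println(greetingWithCatch(alice));
        try {
            greetingWithCheck(alice);                // the check-based version lets the defect surface
        } catch (NullPointerException e) {
            System.out.println("check-based version surfaced the defect: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac Cwe395Example.java && java Cwe395Example`. One caveat on measuring the CPU cost yourself: HotSpot eventually replaces a hot implicit NullPointerException with a preallocated instance that carries no stack trace (the OmitStackTraceInFastThrow optimisation), so a tight benchmark understates the cost of the catch path in cold code and, in hot code, you also lose the stack trace you would want when the masked defect finally needs diagnosing.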

Abstraction: Base

Common Consequences

Availability: DoS: Resource Consumption (CPU). Constructing and throwing an exception (including capturing the stack trace) costs far more than the null check it replaces, so a null-heavy input stream spends CPU on exception handling instead of on an explicit test.

Detection Methods

Automated Static Analysis - Binary or Bytecode

According to SOAR [REF-1479], the following detection techniques may be useful:
Cost effective for partial coverage:
- Bytecode Weakness Analysis - including disassembler + source code weakness analysis
- Binary Weakness Analysis - including disassembler + source code weakness analysis

Dynamic Analysis with Manual Results Interpretation

According to SOAR [REF-1479], the following detection techniques may be useful:
Cost effective for partial coverage:
- Framework-based Fuzzer

Manual Static Analysis - Source Code

According to SOAR [REF-1479], the following detection techniques may be useful:
Cost effective for partial coverage:
- Manual Source Code Review (not inspections)

Automated Static Analysis - Source Code

According to SOAR [REF-1479], the following detection techniques may be useful:
Highly cost effective:
- Source Code Weakness Analyzer
- Context-configured Source Code Weakness Analyzer

Architecture or Design Review

According to SOAR [REF-1479], the following detection techniques may be useful:
Highly cost effective:
- Formal Methods / Correct-By-Construction
Cost effective for partial coverage:
- Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)
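The source-code weakness analyzers listed above look for exactly one syntactic signature: a catch clause whose type list names NullPointerException. The following is an added, deliberately small lexical scanner that does that over a Java source tree; it is not a SOAR tool, not part of the CWE entry, and the sample source it scans is constructed for the example. It flags direct and multi-catch clauses naming NullPointerException (optionally qualified as java.lang.NullPointerException) as HIGH, and broad catches of RuntimeException, Exception or Throwable, which also swallow NPEs, as INFO for triage. It is line-based and only strips `//` comments, so a catch clause split across lines or a `//` inside a string literal can fool it; an AST-based analyzer (for instance PMD's AvoidCatchingNPE rule) does not have that limitation.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Stream;

public class NpeCatchScanner {

    record Finding(String file, int line, String severity, String text) {}

    // "catch (" ... ")" with an optional "final" modifier; group 1 is the type list plus variable.
    private static final Pattern CATCH =
            Pattern.compile("\\bcatch\\s*\\(\\s*(?:final\\s+)?([^)]*)\\)");
    // NullPointerException or java.lang.NullPointerException as a whole token
    // (the lookbehind rejects e.g. com.example.NullPointerException).
    private static final Pattern NPE =
            Pattern.compile("(?<![\\w.])(?:java\\.lang\\.)?NullPointerException\\b");
    // Broad catches that also swallow NPEs; reported at lower severity.
    private static final Pattern BROAD =
            Pattern.compile("(?<![\\w.])(?:java\\.lang\\.)?(?:RuntimeException|Exception|Throwable)\\b");

    // Heuristic: drop everything after "//" so commented-out catch clauses are ignored.
    static String stripLineComment(String line) {
        int idx = line.indexOf("//");
        return idx < 0 ? line : line.substring(0, idx);
    }

    static List<Finding> scanSource(String fileName, String source) {
        List<Finding> findings = new ArrayList<>();
        String[] lines = source.split("\n", -1);
        for (int i = 0; i < lines.length; i++) {
            String code = stripLineComment(lines[i]);
            Matcher m = CATCH.matcher(code);
            while (m.find()) {
                String types = m.group(1);
                if (NPE.matcher(types).find()) {
                    findings.add(new Finding(fileName, i + 1, "HIGH", code.trim()));
                } else if (BROAD.matcher(types).find()) {
                    findings.add(new Finding(fileName, i + 1, "INFO", code.trim()));
                }
            }
        }
        return findings;
    }

    static List<Finding> scanTree(Path root) throws IOException {
        List<Finding> all = new ArrayList<>();
        try (Stream<Path> walk = Files.walk(root)) {
            List<Path> javaFiles = walk.filter(p -> p.toString().endsWith(".java")).toList();
            for (Path p : javaFiles) {
                all.addAll(scanSource(p.toString(), Files.readString(p)));
            }
        }
        return all;
    }

    // Constructed sample input, not taken from any real project.
    static final String SAMPLE = String.join("\n",
            "class Sample {",
            "  String a(User u) {",
            "    try { return u.profile().name(); }",
            "    catch (NullPointerException e) { return \"anon\"; }   // CWE-395",
            "  }",
            "  String b(User u) {",
            "    try { return u.profile().name(); }",
            "    catch (IOException | java.lang.NullPointerException ex) { return \"anon\"; }",
            "  }",
            "  String c(User u) {",
            "    try { return u.profile().name(); } catch (RuntimeException e) { return \"anon\"; }",
            "  }",
            "  String d(User u) {",
            "    // catch (NullPointerException e) inside a comment must not be flagged",
            "    try { return u.profile().name(); } catch (IllegalStateException e) { return \"anon\"; }",
            "  }",
            "}");

    public static void main(String[] args) throws IOException {
        List<Finding> findings = args.length == 0
                ? scanSource("Sample.java", SAMPLE)     // offline demo on the constructed sample
                : scanTree(Path.of(args[0]));            // or scan a real source tree
        for (Finding f : findings) {
            System.out.printf("%s:%d [%s] %s%n", f.file(), f.line(), f.severity(), f.text());
        }
        System.out.printf("%d finding(s)%n", findings.size());
    }
}
```

Run without arguments to scan the embedded sample (methods a and b are reported as HIGH, c as INFO, d not at all), or pass a directory to walk every `.java` file under it. The "context-configured" variant the SOAR list mentions amounts to tuning this kind of rule for the code base, for example suppressing findings under a test source root or allow-listing a catch that rethrows as a domain exception.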

Real-World Examples (10)

CVE              CVSS  EPSS   KEV
CVE-2022-2832    7.5   0.8%
CVE-2022-42878   2.8   0.1%
CVE-2022-29508   6.3   0.1%
CVE-2025-15514   7.5   0.1%
CVE-2023-25071   5.6   0.1%
CVE-2022-42879   6.1   0.1%
CVE-2023-41082   4.4   0.1%
CVE-2024-27662   6.5   0.1%
CVE-2024-27661   6.5   0.1%
CVE-2024-27659   6.5   0.1%

Columns: CVSS base score, EPSS exploitation probability, and KEV (listed in the CISA Known Exploited Vulnerabilities catalog). The KEV column is empty for all ten entries.
Risk score: 0 / 100 (low-risk). Active Threat: 0/50 · Minimal. Exploit Availability: 0/50 · Minimal.