...
Noncompliant Code Example (BigInteger)
This noncompliant code example extends the The java.math.BigInteger class . This class is itself an example of noncompliant code. It is non-final and consequently extendable. This can be a problem when operating on an instance of BigInteger that was obtained from an untrusted client. For example, a malicious client could construct a spurious mutable BigInteger instance by overriding BigInteger's member functions [Bloch 2008].
...