...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
---|---|---|
CERT Oracle Secure Coding Standard for Java | EXP01-J. Do not use a null in a case where an object is required | Prior to 2018-01-12: CERT: Unspecified Relationship |
ISO/IEC TR 24772:2013 | Pointer Casting and Pointer Type Changes [HFC] | Prior to 2018-01-12: CERT: Unspecified Relationship |
ISO/IEC TR 24772:2013 | Null Pointer Dereference [XYH] | Prior to 2018-01-12: CERT: Unspecified Relationship |
ISO/IEC TS 17961 | Dereferencing an out-of-domain pointer [nullref] | Prior to 2018-01-12: CERT: Unspecified Relationship |
CWE 2.11 | CWE-476, NULL Pointer Dereference | 2017-07-06: CERT: Exact |
CERT-CWE Mapping Notes
Key here for mapping notes
CWE-690 and EXP34-C
EXP34-C = Union( CWE-690, list) where list =
- Dereferencing null pointers that were not returned by a function
CWE-252 and EXP34-C
Intersection( CWE-252, EXP34-C) = Ø
EXP34-C is a common consequence of ignoring function return values, but it is a distinct error, and can occur in other scenarios too.
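The three cases in these mapping notes, side by side in checked form. This is an added example, not code from the CERT rule; the struct and function names (config, name_length, copy_name, parse_port) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type used only for this illustration. */
struct config { const char *name; };

/* EXP34-C "list" case: the possibly-null pointers (cfg, cfg->name) arrive as
 * data, not as a function's return value, so CWE-690 does not cover them. */
int name_length(const struct config *cfg) {
    if (cfg == NULL || cfg->name == NULL) {
        return -1;
    }
    return (int)strlen(cfg->name);
}

/* CWE-690 case (inside EXP34-C): malloc() can return NULL, so its result
 * is checked before memcpy() dereferences it. Caller frees the copy. */
char *copy_name(const char *src) {
    if (src == NULL) {
        return NULL;
    }
    size_t n = strlen(src) + 1;
    char *dst = malloc(n);
    if (dst == NULL) {
        return NULL;
    }
    memcpy(dst, src, n);
    return dst;
}

/* CWE-252 case (outside EXP34-C): sscanf() returns a count, not a pointer.
 * Ignoring it can leave *out unset, but no null pointer is involved. */
int parse_port(const char *text, long *out) {
    if (text == NULL || out == NULL) {
        return -1;
    }
    return sscanf(text, "%ld", out) == 1 ? 0 : -1;
}

int main(void) {
    struct config empty = { NULL };
    long port = 0;
    char *copy = copy_name("eth0");
    printf("%d %d %s\n", name_length(NULL), name_length(&empty), copy ? copy : "(null)");
    printf("%d %d\n", parse_port("8080", &port), parse_port("http", &port));
    free(copy);
    return 0;
}
```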
Bibliography
[Goodin 2009] | |
[Jack 2007] | |
[Liu 2009] | |
[van Sprundel 2006] | |
[Viega 2005] | Section 5.2.18, "Null-Pointer Dereference" |
...