Variant · Low-Medium

CWE-1069: Empty Exception Block

Description

An invokable code block contains an exception handling block that does not contain any code, i.e. is empty.

Potential Impact

Other

Reduce Reliability

Demonstrative Examples

In the following Java example, the code catches an ArithmeticException.
Bad
public class Main {
    public static void main(String[] args) {
        int a = 1;
        int b = 0;
        int c = 0;
        try {
            c = a / b;
        } catch (ArithmeticException ae) {
        }
    }
}
Since the exception block is empty, no action is taken.
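In the code below, the exception is logged and the failed operation is handled in the desired way, allowing the program to continue in an expected way.
Good
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class Main {
    // Logger for the log.error call below (SLF4J assumed to be on the classpath).
    private static final Logger log = LoggerFactory.getLogger(Main.class);

    public static void main(String[] args) {
        int a = 1;
        int b = 0;
        int c = 0;
        try {
            c = a / b;
        } catch (ArithmeticException ae) {
            // Record the failure and fall back to a defined value.
            log.error("Divided by zero detected, setting to -1.");
            c = -1;
        }
    }
}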

Mitigations & Prevention

Implementation

For every exception block add code that handles the specific exception in the way intended by the application.
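
To locate the blocks this mitigation applies to, the following added example (not part of the CWE entry) scans Java source text for catch blocks that contain no code, counting comment-only blocks as empty. The function name and the sample source are constructed for illustration; it is a text heuristic rather than a Java parser, and Java text blocks are not handled.

```python
import re

# Comments and string/char literals, so braces or "catch" inside them are ignored.
_TOKEN = re.compile(
    r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'',
    re.DOTALL)
# A catch clause whose body holds nothing but whitespace.
_EMPTY_CATCH = re.compile(r'\bcatch\s*\(([^()]*)\)\s*\{\s*\}')

def find_empty_catch_blocks(java_source):
    """Return (line, caught_types) for each catch block that contains no code."""
    # Blank out comments and literals but keep newlines, so line numbers stay valid.
    code = _TOKEN.sub(lambda m: re.sub(r'[^\n]', ' ', m.group(0)), java_source)
    findings = []
    for m in _EMPTY_CATCH.finditer(code):
        line = code.count('\n', 0, m.start()) + 1
        # Drop the variable name and 'final'; keep the type(s), e.g. "A | B".
        types = ' '.join(t for t in m.group(1).split()[:-1] if t != 'final')
        findings.append((line, types))
    return findings

# Constructed sample input (hypothetical class, not taken from a real code base).
SAMPLE = '''\
class Main {
    static int run(int a, int b) {
        int c = 0;
        try {
            c = a / b;
        } catch (ArithmeticException ae) {
        }
        try {
            c = Integer.parseInt("x");
        } catch (NumberFormatException | NullPointerException e) {
            // ignored
        }
        try {
            c = a / b;
        } catch (ArithmeticException ae) {
            c = -1;  // handled: not reported
        }
        String s = "catch (Exception e) {}";  // literal: not reported
        return c;
    }
}
'''

if __name__ == "__main__":
    for line, types in find_empty_catch_blocks(SAMPLE):
        print(f"line {line}: empty catch block for {types}")
```
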

Taxonomy Mappings

  • OMG ASCRM: ASCRM-RLB-1

Frequently Asked Questions

What is CWE-1069?

CWE-1069 (Empty Exception Block) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. An invokable code block contains an exception handling block that does not contain any code, i.e. is empty.

How can CWE-1069 be exploited?

Attackers can exploit CWE-1069 (Empty Exception Block) to reduce reliability. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-1069?

Key mitigations include: For every exception block add code that handles the specific exception in the way intended by the application.

What is the severity of CWE-1069?

CWE-1069 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.