CVE-2021-3156 heap overflow in sudo command line / environment argument handling can be exploited on MacOS Big Sur (currently unpatched) by creating a symlink to sudo, additionally I have observed that t_delete() exploitation on Solaris has been updated to prevent negative chunk size overwrites but because you can write NULL's it is possible to reliably exploit this flaw on Solaris 10/11. You should patch Solaris if you use sudo as the repo has an update - https://www.opencsw.org/package/sudo/