An application that performs multiple requests with libcurl's multi API and sets the CURLOPT_CONNECT_ONLY option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection - and instead pick another one the application has created since then CREATE(Triage):(User=admin) CVE-2020-8231 (https://nvd.nist.gov/vuln/detail/CVE-2020-8231)