curl has insecure IPv6 connection. The vulnerability exists due to an errors in the logic where the config matching function did not take the IPv6 address zone id into account allowing the system to use the wrong connection when one transfer uses a zone id, and when subsequent transfer uses another.