When checking the system, I see that rpm is present and, according to the scan, it is susceptible to the above-mentioned CVE-2021-3421.
{ "id":"CVE-2021-3421", "is_known_exploited_vuln":false, "description":"A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.", "urls":[ "https://nvd.nist.gov/vuln/detail/CVE-2021-3421", "https://bugzilla.redhat.com/show_bug.cgi?id=1927747", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/", "https://security.gentoo.org/glsa/202107-43" ]
Overall, a small impact due to the Funtoo system characteristics, but it does make it possible.
To eliminate the CVE, please upgrade to the latest version available on the RPM.org timeline:
http://rpm.org/timeline
Additionally, I would consider moving it to the sys-apps category, where we have portage, because from my point of view it is the same package manager as emerge, which is in sys-apps/portage.