Since you mentioned ‘code,’ I’ll assume you mean software. When software is written, memory is allocated to the program to perform functions. Think of this memory as a bucket that holds a set amount of fluid. Hackers come in and see if they can fill that bucket with an additional amount of fluid. This additional fluid is what you describe as, ‘gap in code that grants that much access.’ The hacker fills the bucket and overflows it with their code, often resulting in the contents overflowing to be run by the computer.